jason taylor
05bca0b6fb
config: update commented value to default status
...
Signed-off-by: jason taylor <jtfas90@gmail.com>
3 years ago
Victor Julien
84448d3bae
tests: remove unnecessary flow locks
...
Added once to satisfy debug validation, but we don't mix unittests
and debug validation anymore.
sed -i -E '/.*FLOWLOCK_.*LOCK/d' *.c
3 years ago
Victor Julien
579547c849
smtp: minor line loop cleanup
3 years ago
Victor Julien
96bb67f474
smtp: remove defunct check for line with single LF
...
Don't fix it as DATA processing needs all the bytes.
3 years ago
Victor Julien
a2924b7141
smtp: constify line arguments where possible
3 years ago
Victor Julien
e0d5878e49
smtp: move current line out of state
3 years ago
Victor Julien
1451bd62a6
smtp: move input out of state
3 years ago
Victor Julien
77fae275ef
smtp: turn assertions into debug asserts
3 years ago
Victor Julien
3a631085bb
smtp: simplify preprocess loop
3 years ago
Victor Julien
30e47b2171
mime/base64: decode cleanups and simplification
...
Addresses edge case: > 4 bytes at the end of the input with 2 or more
spaces.
Changes length type for remainder processing to allow for much longer
lines, which can happen in practice.
Adds a series of debug validation checks with real error handling
as well, to assist the fuzzer to find more edge cases.
3 years ago
Victor Julien
92cd95b416
base64: no special case for nul char
...
Let it be handled like other invalid input.
3 years ago
Shivani Bhardwaj
5b27619778
base64: make decoder handle decoded data space constraints
...
So far, it was the job of the caller to send the base64 decoder a perfect
block of data and take care of the destination buffer (decoded data)
size. Now, make it the decoder's job to take care of any space
constraints that the destination buffer may have and return accordingly.
Also, handle space characters in base64 encoded data as per RFC 2045.
Update MIME parser accordingly to handle the base64 data.
Ticket: 5315
3 years ago
Shivani Bhardwaj
cb01cc6929
base64: add Base64Ecode enum
3 years ago
Shivani Bhardwaj
9131d1d857
base64: add Base64Mode enum
3 years ago
Shivani Bhardwaj
1e3282f363
smtp: treat CR as a line terminator
...
The ideal line terminator for an SMTP line is <CRLF>. But, given that
bare LF is still allowed by many systems despite the prohibition by
standards, we have to consider that. In order to simplify things, we
consider bare CR as line terminators as well while updating the
delimiter parameter correctly if they were to be followed by a LF
immediately or as a part of next fragment.
This takes care of some edge cases that made base64 decoder error out
because unexpected data was sent to it at times.
Ticket: 5316
3 years ago
BACK Yonah
42a661f028
ci: adds CodeQL workflow and LGTM support
...
Ticket: #5307
3 years ago
dependabot[bot]
51c78680d2
github-actions: bump ossf/scorecard-action from 1.1.0 to 1.1.1
...
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 1.1.0 to 1.1.1.
- [Release notes](https://github.com/ossf/scorecard-action/releases)
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md)
- [Commits](5c8bc69dc8...3e15ea8318)
---
updated-dependencies:
- dependency-name: ossf/scorecard-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
3 years ago
dependabot[bot]
41314e0830
github-actions: bump github/codeql-action from 2.1.11 to 2.1.12
...
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.11 to 2.1.12.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](a3a6c128d7...27ea8f8fe5)
---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
3 years ago
Philippe Antoine
d1a4dae36b
detect: use generic integer functions for streamsize
...
By the way, adds the prefilter feature
Ticket: #2697
Ticket: #4112
3 years ago
Philippe Antoine
35b6dcec7e
detect: use generic integer functions for filesize
...
Ticket: #4112
3 years ago
Philippe Antoine
bfdf5b1952
detect: use generic integer functions for tcp mss
...
Ticket: #4112
3 years ago
Philippe Antoine
025b510cac
detect: use generic integer functions for template2
3 years ago
Philippe Antoine
261eebba12
detect: use generic integer functions for ttl
...
Ticket: #4112
3 years ago
Philippe Antoine
2b0be91f28
detect: use generic integer functions for dsize
...
Ticket: #4112
3 years ago
Philippe Antoine
f29b43defd
detect: rust generic functions for integers
...
Move it away from http2 to generic core crate.
And use it for DCERPC (and SMB)
And remove the C version.
Main change in API is the free function is not free itself, but
a rust wrapper around unbox.
Ticket: #4112
3 years ago
Philippe Antoine
c4d9cb02ec
util: better hex print function
...
Without dangerous snprintf pattern identified by CodeQL
even if this pattern is not a problem in those precise cases,
it may easily get copy pasted in a dangerous place, so better
get rid of it and make CodeQL happy
3 years ago
Philippe Antoine
6058792bee
rust: make suricata context const
...
So that it is read only and its pointers do not get modified
3 years ago
Philippe Antoine
5a00acece2
ftp: remove temporary fields from state
...
As input, input_len and direction only last for the scope of
one call of AppLayerParserParse, it is not necessary to keep them
in FtpState which lives longer, so we consume less memory.
3 years ago
Philippe Antoine
6224e283fa
modbus: bump up rust crate version
...
So that probing parser is more strict and does not accept unknown
function code as valid modbus.
Ticket: #5377
3 years ago
Jason Ish
c8a5207083
detect: introduce "like" ip-only signature type
...
Rules that look like they should be IP-only but contain a negated rule
address are now marked with a LIKE_IPONLY flag. This is so they are
treated like IPONLY rules with respect to flow action, but don't
interfere with other IPONLY processing like using the radix tree.
Ticket: #5361
3 years ago
Philippe Antoine
d5abaf0b38
decode: fix integer warning
...
Newly introduced warning.
Regular cast as value is checked just before.
Ticket: #4516
3 years ago
Philippe Antoine
717e51b7cf
defrag: fix integer warnings
...
Ticket: #4516
3 years ago
Philippe Antoine
2d761810db
rust: cbindgen first verifies existing bindings
...
So as not to recompile every C file including rust.h
3 years ago
Philippe Antoine
ced96a8aad
detect: parsing avoiding infinite loop
...
by comparing size_t to strlen result
Instead of uint16_t which would loop
Ticket: #5310
3 years ago
Philippe Antoine
875eb58fb0
file: use functions on fd to avoid toctou
...
Ticket: #5308
3 years ago
Philippe Antoine
ecb8dd4de0
util: check for unsigned overflow in rohash
...
To make CodeQL happy
3 years ago
Jason Ish
adda8801d8
conf: remove ConfGetValue
...
All uses of ConfGetValue are satisfied by ConfGet
3 years ago
Philippe Antoine
5bd19135b0
util: remove malloc from streaming buffer config
...
as it is unused
3 years ago
dependabot[bot]
0dd7c23fa0
github-actions: bump actions/cache from 3.0.2 to 3.0.3
...
Bumps [actions/cache](https://github.com/actions/cache) from 3.0.2 to 3.0.3.
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](48af2dc4a9...30f413bfed)
---
updated-dependencies:
- dependency-name: actions/cache
  dependency-type: direct:production
  update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
3 years ago
Andreas Dolp
db73a12540
doc/tls: Add documentation for TLS logging
3 years ago
Andreas Dolp
f42bb45ccd
doc/tls: Remove redundant example
3 years ago
Andreas Dolp
e9976a0e14
suricata.yaml.in: Fix default value of prealloc-sessions
3 years ago
Andreas Dolp
324f5ec10c
doc: Add missing ")" in example
3 years ago
Andreas Dolp
32b39d054f
suricata.yaml.in: Remove duplicate "with" in comment.
3 years ago
Andreas Dolp
e4163c4e02
doc: Fix typos
3 years ago
Andreas Dolp
49bd6cfa5d
doc: Fix broken link
3 years ago
Philippe Antoine
284ad462fc
output: adds schema.json
...
Ticket: #1369
3 years ago
Victor Julien
ebf0629615
log-pcap: remove tunnel locks
...
The tunnel lock mutex only "protects" the tunnel synchronization,
not the packet data, length or datalink fields.
3 years ago
Victor Julien
e7ab96c389
nflog: fix datalink compile issue
3 years ago
Juliana Fajardini
43d28f251f
util/action: convert unittests to FAIL/PASS API
...
Task #5371
3 years ago